In December, Microsoft announced a major security flaw affecting its Internet Explorer web browser. The flaw allowed hackers to use hidden computer code they had already injected into legitimate websites to steal the passwords of visitors to those sites. Reportedly, more than 10,000 websites were infected with the destructive code by the time Microsoft came forward with the news. The announcement grabbed big headlines, emerging as it did during the Christmas season while unsuspecting online shoppers were clicking away. As Eric Schultze, CTO of Roseville, Minnesota-based patch-management solutions provider Shavlik Technologies, explained it, hackers were exploiting legitimate websites via SQL injection techniques. This article reports how hackers are now targeting weaknesses in sites that people trust. Several suggestions on how school districts can protect themselves from malicious malwares are presented.